I’m not finding any information online other than that it’s difficult
You must log in or register to comment.
Anti cheat software tries to find cheats running on the computer, and in order to that, so called kernel-level anticheat hooks into NT (Windows kernel) internals, and runs at the highest possible privilege level. It has to do that so it can monitor everything going on in the system. If it didn’t do that, the cheat could just hide from the anticheat software by running with superior privileges.
Wine does not implement undocumented/internal parts of NT, and neither does it run at an elevated privilege level. It also cannot realistically implement any and all possible NT kernel internals, and it cannot possibly hide the fact that it’s actually wine, and not real Windows, from any program that really wants to figure this out.
If wine tried to implement a specific workaround for a specific anti-cheat software/version, in order to it trick into thinking it’s running on a real Windows system with elevated privileges, the anti-cheat vendor would likely interpret this as a kind of deception, and they could easily update their software to detect this situation.
Theoretically, anti-cheat vendors could do kernel-level anticheat for the Linux kernel specifically if the game runs on Linux, but this has problems: First of all a general backlash and complete lack of cooperation from the Linux community (btw, Microsoft isn’t too happy about them doing this on Windows either, and they might at some point do something about this, since it’s bad for security and stability). Also, Linux kernel internals aren’t at all stable, and so just practically you cannot hook into the Linux kernel nearly as easily as you can into NT.
Some anti-cheat vendors do support Linux though, but only optionally if the game dev allows that. In practice, this just means many checks will just be disabled on Linux, which is presumably why many games do not enable the Linux support.
tl;dr: No. Only the anti-cheat vendor / game dev can realistically fix the situation, and they may not want to because it’ll be worse at actually detecting cheats on Linux in practice.
it already runs anticheat whenever game developers allow it to.
No, forget anticheat games. It’s not possible to create a “fake” rootkit. If it was possible, they would have done it for Windows too, and it would defeat the purpose of anti-cheat. So, just don’t run these games. They don’t worth your security.
I mean I wouldn’t mind defeating the purpose of anticheat. Let’s all defeat the purpose of anticheat.
Lightning flashes, sparks shower, in one blink of your eyes you’ve mis-seen.
Yes, we are waiting for the CrowdStrike aha moment where the industry learns the hard way that anticheat with root privileges was a dangerous idea not worth the risks.
User space level anticheat yes,kernel anticheat no and I actually happy about ,kernel level anticheat behaving literally like malware/rootkit
Kernel level anticheat that thinks it’s kernel level and runs in userspace is the best of both worlds though, is it not?
if that was possible, it would be relatively easy to defeat them on windows too
No, because then you can just run software cheats at kernel level which would be completely undetectable to userspace anti cheat
So? I just want the games to run, I don’t care about that side of it at all, that side of it is essentially pointless to me. There were always workarounds anyway, what does it matter?
At that point you might as well not have a kernel level anti cheat and companies who insist on kernel level anti cheat will block wine. The only solutions I see are
- Developers mainly use server side anti cheat
- They make native Linux games
- Distros provide a way to ensure a untainted (signed) kernel
That would ba a massive win in my book, kernel level anticheat is malware.
make it so that they can’t block wine without blocking windows and kernel level anticheat is gone
You cannot realistically make it impossible to detect that you’re running on wine. Wine just implements the Windows ABIs. The actual code running is totally different. Even just reading any of the binary code of literally any function would reveal it’s different from the Windows code. How are you going to stop it from doing memory reads on stuff that it needs to be able to read? You can’t. You’d need a full hardware emulator for that.
Developers who use kernel anti-cheat don’t support Linux because userspace anti-cheat is largely pointless. It doesn’t matter if you personally don’t care, the companies that want anti-cheat do care.
The workaround for kernel anti-cheat requires hundreds of USD in hardware. The workaround for userspace anti-cheat is entirely software.
Because of this, you will have less cheaters if cheating has a $500 price tag. That’s why kernel anti-cheat is effective, there’s no way for that to be solved with a WINE patch.
I simply do not believe that it costs that much to cheat with kernel level anticheat.
kernel level anticheat is pointless malware in my book, let it burn
It requires either a Direct Memory Access card and supporting software or a video capture card and enough processing power to run fast image classification for AI aim bots.
Anything running directly on the PC can be detected by the kernel anti-cheat.
You can look online for the hardware and prices
What about a VM?
That’s why kernel anti-cheat is effective
Is it actually effective tho?
It doesn’t stop cheating, it just makes cheating require spending a few hundred dollars and dealing with complex hardware setups. This means that relatively few people try.
Non-kernel anti-cheat can be bypassed by software. So it’s cheap and easily available.
That’s the only difference. Kernel anti-cheat doesn’t prevent cheating, it just makes it more expensive.
Can’t you just use a virtual machine?
Anticheat detects if you’re running normal Windows or something else.
If you’re using something else, they won’t let you play the game.
Wine is something else.
That is something I’m aware of but not what I’m looking for, I’m looking for news about workarounds, preferably new news, if there is any
Most could, but most are also designed not to because adding a virtualization type of layer allows for ways to circumvent it. Anticheat needs to trust the environment it is running in so it can rely on the information. Wine is designed to replicate things it trusts in Windows, but not actually necessarily replicate the way the kernel actually does those things, so the things they are relying on might not mean the same thing as the do in Windows. So they’d need to analyze and possibly implement things a bit differently. This takes time and money and for companies like this, the customer isn’t the user, so they have little reason to cater to users needs. Pro gaming and a few online game companies are their primary customers and they generally don’t want to support Linux anyway.
https://areweanticheatyet.com/no-js
Proton anti-cheat works with punk buster and what ever garbage gta5 is using now.
I wonder if immutable systems could negate the need for kernel anti cheat. If the game can ensure the current kernel and image is one from a list of acceptable ones, it doesn’t need to kernel anti cheat. They could do this by comparing the checksum or something.
That’s essentially a console and not a ‘pc’
Did you know that most big anti cheat systems actually do run in Wine when allowed to by the developer?
Yeah but that doesn’t count tbh, if the dev has to give the okay we lose a ton of games, and that isn’t what I’m looking for, the dev shouldn’t be able to know it isn’t running on windows
You can’t lose what you never had, though. ;-)
Then the answer is definitely not - at the very least Wine would need to simulate a very large part of the NT kernel.
I hope not. I hope it never does. Windows users are weird enough not giving a shit about installing rootkits on their computer. We don’t want this in Linux. What computer is worth compromising just for some game to determine whether or not you’re cheating at it?
I don’t want it to properly function, I want it to run in userspace.
Just buy a minipc and use it solely for gaming on Windows if you really need to game.
Based on his other comments, he’s hoping to use Wine to cheat
No, I have no interest in cheating
No idea why you’ve been down voted. If someone simply must play kernel level anti-cheat games, the best way to do it is on Windows. Developers have made it very clear they do not trust Wine/Proton/Linux and that are market share is simply too small to care.
Unlikely; ultimately wine can run userspace anti-cheat but not kernel level anti-cheat, not by itself, is this were to happen it would take a few changes on how we do things
Ive seen it suggested from others/content-creators that valve or some other finacially involved company should make their own distro or simply a kernel that would have built in killswitch that flags the user when they fail required modification checks and prevents online play.
What really needs to happen is the eventual mass exodus from windows due to its continued enshitification. The increase in linux users + any notable figures like pro gamers or content creators that switch over to linux will force game developers financially to open anticheat to linux users and make a blanket solution.
Yeah kernel level with hacks is what I’m interested in, couldn’t the wine client give fake kernel level control to them that’s actually in userspace?
If it could the anti-cheat system wouldn’t be worth using. Being able to “trick” the anti-cheat system into thinking something else is going on than actually happens is the same an actual “cheat” would do. That’s why kernel level anti-cheat system go though a lot of trouble to detect any kind of virtualization or similar tricks…the moment you could trick them into accepting a fake kernel is also the moment that fake kernel can pretend the fake input it generates actually comes from a real mouse or the checksum of that openGL/vulkan library is exactly the one expected and not the one of some altered libraries that “accidentally” forget to not render stuff behind walls…
It’s also something that needs to be kept in mind when talking about “Companies can just enable the linux support in their anti-cheat systems but they don’t.” While this is true of course it also means the kernel-level anti-cheat systems are bared from kernel-access and degraded to user-space only. And as people have access to the source-code of the linux kernel nothing is stopping anyone from just modifying the kernel to…give more “favorable results” while playing the game. Of course the linux playerbase it too tiny to really offer a market for such cheats…but it’s not completely unreasonable to not want to erode the capabilities of your anti-cheat system (That is of course if you believe they work in the first place…but that’s a different discussion).
It not being worth using is good, I want this malware practice to die.
i’m sure there are already workarounds on windows, it’s not like cheating has been eliminated there
It not being worth using is good, I want this malware practice to die.
Which is a noble goal in my view, I completely agree. But you will not be able to use anything like wine to achieve this…anti-cheat software is specifically designed to prevent all the things that wine does (For the reason that there is no technical difference between a “cheat program” and what wine does)
i’m sure there are already workarounds on windows, it’s not like cheating has been eliminated there
Actually I read about an interesting way a few months ago…on games that enabled linux support in their anti-cheat systems windows “cheats” started spoofing the OS signature to make the anti-cheat system think it runs on wine and turning of the kernel-level anticheat…
But as I said, the effectiveness of anit-cheat is a different discussion independent of the question if wine will support them. Even if anti-cheat systems are ineffective it doesn’t change that they are mainly aimed at stopping exactly the kind of “trickery” wine does. Wine would have to play the same cat and mouse game with anti-cheat as cheats do…if it finds a away to work around them the anti-cheat systems need to find a way to prevent that workaround.
Sounds like a terrible idea; this would only further deteriorate the trust some companies have in Linux with anti-cheat, that would be terrible for the adoption
